DefaultAuthenticatorMBean



Overview

The MBean that represents configuration attributes for the WebLogic Authentication provider. The WebLogic Authentication provider has methods to edit, list, and manage users, groups, and group membership. User and group information is stored in an embedded LDAP server.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

   
Fully Qualified Interface Name

If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.authentication.DefaultAuthenticatorMBean

Factory Methods

No factory methods. Instances of this MBean are created automatically.

Access Points Inherited from AuthenticationProviderMBean

Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and its subtypes:


    Related MBeans

    This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.


      Realm

      Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

             
      Privileges: Read only
      Type: RealmMBean
      Relationship type: Reference.


      Attributes

      This section describes the following attributes:


      ControlFlag

      Returns how the login sequence uses the Authentication provider.

      A REQUIRED value specifies this LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

      A REQUISITE value specifies this LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, control is returned to the application.

      A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

      An OPTIONAL value specifies this LoginModule need not succeed. Whether it succeeds or fails, authentication proceeds down the LoginModule list.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value: REQUIRED
      Legal Values
      • REQUIRED
      • REQUISITE
      • SUFFICIENT
      • OPTIONAL
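
      How the four ControlFlag values interact across an ordered list of providers, as an added example that is not part of the original reference or Oracle's code. It applies the standard JAAS rule for the overall result (all REQUIRED and REQUISITE modules must succeed; with none configured, at least one SUFFICIENT or OPTIONAL module must succeed), which is assumed to govern WebLogic's login sequence; the provider name SecondProvider and the success values are constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added example (Java 17+): simulates the login sequence described for ControlFlag.
public class ControlFlagChain {

    enum Flag { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL }

    /** One configured provider; 'succeeds' is the constructed result of its LoginModule. */
    record Provider(String name, Flag flag, boolean succeeds) {}

    /** Overall decision plus the providers that were actually consulted, in order. */
    record Outcome(boolean authenticated, List<String> consulted) {}

    static Outcome evaluate(List<Provider> chain) {
        // Assumption: overall result follows the standard JAAS rule (see lead-in).
        boolean mandatoryConfigured = chain.stream()
                .anyMatch(p -> p.flag() == Flag.REQUIRED || p.flag() == Flag.REQUISITE);
        boolean mandatoryFailed = false;
        boolean optionalSucceeded = false;
        List<String> consulted = new ArrayList<>();

        for (Provider p : chain) {
            consulted.add(p.name());
            switch (p.flag()) {
                case REQUIRED -> {
                    // Must succeed, but the sequence continues even after a failure.
                    if (!p.succeeds()) mandatoryFailed = true;
                }
                case REQUISITE -> {
                    // Must succeed; on failure control returns to the application at once.
                    if (!p.succeeds()) return new Outcome(false, consulted);
                }
                case SUFFICIENT -> {
                    // Success ends the sequence, unless an earlier REQUIRED provider failed.
                    if (p.succeeds() && !mandatoryFailed) return new Outcome(true, consulted);
                }
                case OPTIONAL -> {
                    // Never stops the sequence; only matters if nothing is mandatory.
                    if (p.succeeds()) optionalSucceeded = true;
                }
            }
        }
        if (mandatoryFailed) return new Outcome(false, consulted);
        return new Outcome(mandatoryConfigured || optionalSucceeded, consulted);
    }

    public static void main(String[] args) {
        // Constructed scenario: the user exists only in the second provider.
        for (Flag first : List.of(Flag.REQUIRED, Flag.REQUISITE, Flag.SUFFICIENT, Flag.OPTIONAL)) {
            List<Provider> chain = List.of(
                    new Provider("DefaultAuthenticator", first, false),
                    new Provider("SecondProvider", Flag.SUFFICIENT, true));
            System.out.println(first + " first -> " + evaluate(chain));
        }
    }
}
```

      With the default REQUIRED flag the login is rejected even though the second provider accepts the user, which is why the flag has to be reviewed whenever another Authentication provider is added to the realm.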

      Description

      A short description of the Authentication provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: WebLogic Authentication Provider
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      EnableGroupMembershipLookupHierarchyCaching

      Returns whether group membership hierarchies found during recursive membership lookup will be cached. If true, each subtree found will be cached.

             
      Privileges: Read/Write
      Type: java.lang.Boolean

      GroupHierarchyCacheTTL

      Returns the maximum number of seconds a group membership hierarchy entry is valid in the LRU cache.

             
      Privileges: Read/Write
      Type: java.lang.Integer
      Default Value: 60

      GroupMembershipSearching

      Specifies whether recursive group membership searching is unlimited or limited. Valid values are unlimited and limited.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value: unlimited
      Legal Values
      • unlimited
      • limited

      KeepAliveEnabled

      Specifies whether to prevent LDAP connections from timing out.

             
      Privileges: Read/Write
      Type: boolean

      MaxGroupHierarchiesInCache

      Returns the maximum size of the LRU cache for holding group membership hierarchies if caching is enabled.

             
      Privileges: Read/Write
      Type: java.lang.Integer
      Default Value: 100

      MaxGroupMembershipSearchLevel

      Specifies how many levels of group membership can be searched. This setting is valid only if GroupMembershipSearching is set to limited. Valid values are 0 and positive numbers. For example, 0 indicates that only direct group memberships will be found; a positive number indicates the number of levels to go down.

             
      Privileges: Read/Write
      Type: java.lang.Integer
      Default Value: 0

      MinimumPasswordLength

      The minimum number of characters required in a password.

             
      Privileges: Read/Write
      Type: int
      Default Value: 8
      Minimum value: 0

      Name

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: DefaultAuthenticator
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      PasswordDigestEnabled

      Enables the storage of password information required to support Web Services Security Password Digest and other digest authentication algorithms. If set to true, the WebLogic Authentication provider stores the user password in a 2-way encrypted form. The original password can then be retrieved and used for digest authentication.

             
      Privileges: Read/Write
      Type: boolean

      PropagateCauseForLoginException

      No description provided.

             
      Privileges: Read/Write
      Type: boolean

      ProviderClassName

      The name of the Java class used to load the Authentication provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: weblogic.security.providers.authentication.DefaultAuthenticationProviderImpl
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedExportConstraints

      The users and groups that you want to be exported from this Authentication provider's database. If none are specified, all are exported. If EnablePasswordDigestInformation is set to true, then 2-way encrypted passwords can be exported via the passwords=cleartext constraint.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: users, groups, passwords
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedExportFormats

      The format of the file to export. The list of supported export formats is determined by this Authentication provider.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: DefaultAtn
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedImportConstraints

      The users and groups that you want to be imported into this Authentication provider's database. If no constraints are specified, all are imported.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value:
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedImportFormats

      The format of the file to import. The list of supported import formats is determined by the Authentication provider from which the users and groups were originally exported.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: DefaultAtn
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      UseRetrievedUserNameAsPrincipal

      Specifies whether to use the user name retrieved from LDAP as the Principal in the Subject.

             
      Privileges: Read/Write
      Type: java.lang.Boolean

      Version

      The version number of the Authentication provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: 1.0
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.


      Operations

      This section describes the following operations:


      addMemberToGroup

      Adds a user or group (member) to a group. If the member already belongs to the group, this method does nothing.

         
      Operation Name: "addMemberToGroup"
      Parameters: Object [] { groupName, memberUserOrGroupName }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of an existing group to which this method adds a member.

      • memberUserOrGroupName is an object of type java.lang.String that specifies:

        - The name of the member, which must be an existing user or group.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      advance

      Advances the list to the next element in the list.

         
      Operation Name: "advance"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      changeUserPassword

      Used by a user to change his or her password.

         
      Operation Name: "changeUserPassword"
      Parameters: Object [] { userName, oldPassword, newPassword }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of an existing user.

      • oldPassword is an object of type java.lang.String that specifies:

        - The current password for the user.

      • newPassword is an object of type java.lang.String that specifies:

        - The new password for the user. The Authentication provider determines the syntax requirements for passwords.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      close

      Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

         
      Operation Name: "close"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      createGroup

      Creates a group.

         
      Operation Name: "createGroup"
      Parameters: Object [] { groupName, description }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of the new group. The name cannot be the name of an existing user or group. The Authentication provider determines syntax requirements for the group name.

      • description is an object of type java.lang.String that specifies:

        - The description of the group.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.AlreadyExistsException
      • weblogic.management.utils.InvalidParameterException

      createUser

      Creates a user and sets the user's password.

         
      Operation Name: "createUser"
      Parameters: Object [] { userName, password, description }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of the new user. The name cannot be the name of an existing user or group. The Authentication provider determines syntax requirements for the user name.

      • password is an object of type java.lang.String that specifies:

        - The password for the new user. The Authentication provider determines syntax requirements for passwords.

      • description is an object of type java.lang.String that specifies:

        - The description of the user.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.AlreadyExistsException

      exportData

      Exports provider specific data in a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name: "exportData"
      Parameters: Object [] { format, filename, constraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for exporting provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to write data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when exporting data. A null value indicates that all data will be exported.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns: void
      Exceptions
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      getCurrentName

      The name of the current item in the list. Returns null if there is no current item.

         
      Operation Name: "getCurrentName"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: String
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getGroupDescription

      Gets a group's description.

         
      Operation Name: "getGroupDescription"
      Parameters: Object [] { groupName }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of an existing group.

      Signature: String [] { "java.lang.String" }
      Returns: String
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      getUserDescription

      Gets a user's description.

         
      Operation Name: "getUserDescription"
      Parameters: Object [] { userName }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of an existing user.

      Signature: String [] { "java.lang.String" }
      Returns: String
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      groupExists

      Indicates whether the specified group exists.

         
      Operation Name: "groupExists"
      Parameters: Object [] { groupName }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name that this method evaluates.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions
      • weblogic.management.utils.InvalidParameterException

      haveCurrent

      Returns true if there are more objects in the list, and false otherwise.

         
      Operation Name: "haveCurrent"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      importData

      Imports provider specific data from a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name: "importData"
      Parameters: Object [] { format, filename, constraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for importing provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to read data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when importing data. A null value indicates that all data will be imported.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns: void
      Exceptions
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      isMember

      Indicates whether a user or group is a member of the group that you specify. A recursive search returns true if the member belongs to the group that you specify or to any of the groups contained within that group.

         
      Operation Name: "isMember"
      Parameters: Object [] { parentGroupName, memberUserOrGroupName, recursive }

      where:

      • parentGroupName is an object of type java.lang.String that specifies:

        - The existing group within which this method searches for membership.

      • memberUserOrGroupName is an object of type java.lang.String that specifies:

        - The user or group name for which this method searches.

      • recursive is an object of type java.lang.Boolean that specifies:

        - If set to true, the criteria for membership extends to any groups within the group that is specified by parentGroupName.

        If this argument is set to false, then this method checks only for direct membership within the parentGroupName.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean" }
      Returns: boolean
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      listGroupMembers

      Searches within a group for user and group (member) names that match a pattern. Returns a cursor (string). You can use methods from weblogic.management.utils.NameLister (which this MBean extends) to iterate through the returned list.

      This method does not sort the results or distinguish user and group names. You can use the groupExists method to determine whether a name refers to an existing group.

         
      Operation Name: "listGroupMembers"
      Parameters: Object [] { groupName, memberUserOrGroupNameWildcard, maximumToReturn }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The existing group within which this method searches for members.

      • memberUserOrGroupNameWildcard is an object of type java.lang.String that specifies:

        - The pattern for which this method searches. The pattern can end with an * (asterisk) as a wildcard, which matches any string of characters. The search is not case-sensitive.

        For example, a pattern of abc matches exactly one name that contains only abc, a pattern of ab* matches all user and group names that start with ab, and a pattern of * matches all user and group names.

      • maximumToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of user and group names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If this parameter is set to 0, all results are returned.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.lang.Integer" }
      Returns: String
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      listGroups

      Searches for a group name that matches a pattern.

      This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

      This method does not sort the results.

         
      Operation Name: "listGroups"
      Parameters: Object [] { groupNameWildcard, maximumToReturn }

      where:

      • groupNameWildcard is an object of type java.lang.String that specifies:

        - The pattern for which this method searches. The pattern can end with an * (asterisk) as a wildcard, which matches any string of characters. The search is not case-sensitive.

        For example, a pattern of abc matches exactly one group name that contains only abc, a pattern of ab* matches all group names that start with ab, and a pattern of * matches all group names.

      • maximumToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of group names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.

      Signature: String [] { "java.lang.String", "java.lang.Integer" }
      Returns: String
      Exceptions
      • weblogic.management.utils.InvalidParameterException

      listMemberGroups

      Lists the groups that directly contain a user or a group. Returns a cursor (string). You can use methods from weblogic.management.utils.NameLister (which this MBean extends) to iterate through the returned list.

         
      Operation Name: "listMemberGroups"
      Parameters: Object [] { memberUserOrGroupName }

      where:

      • memberUserOrGroupName is an object of type java.lang.String that specifies:

        - The name of an existing user or group.

      Signature: String [] { "java.lang.String" }
      Returns: String
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      listUsers

      Searches for a user name that matches a pattern.

      This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

      This method does not sort the results.

         
      Operation Name: "listUsers"
      Parameters: Object [] { userNameWildcard, maximumToReturn }

      where:

      • userNameWildcard is an object of type java.lang.String that specifies:

        - The pattern for which this method searches. The pattern can end with an * (asterisk) as a wildcard, which matches any string of characters. The search is not case-sensitive.

        For example, a pattern of abc matches exactly one user name that contains only abc, a pattern of ab* matches all user names that start with ab, and a pattern of * matches all user names.

      • maximumToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of user names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.

      Signature: String [] { "java.lang.String", "java.lang.Integer" }
      Returns: String
      Exceptions
      • weblogic.management.utils.InvalidParameterException
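
      The cursor protocol shared by listUsers, haveCurrent, getCurrentName, advance and close, driven through javax.management.MBeanServerConnection.invoke with the signature arrays documented above. This is an added example, not Oracle's code: StubAuthenticator, its sample users and the ObjectName are constructed stand-ins so the client code runs without a server.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;

public class ListUsersCursorExample {

    /** Stand-in interface (constructed); mirrors only the documented operation signatures. */
    public interface StubAuthenticatorMBean {
        String listUsers(String userNameWildcard, Integer maximumToReturn);
        boolean haveCurrent(String cursor);
        String getCurrentName(String cursor);
        void advance(String cursor);
        void close(String cursor);
    }

    public static class StubAuthenticator implements StubAuthenticatorMBean {
        private final List<String> users = List.of("alice", "Albert", "bob"); // constructed data
        private final Map<String, Deque<String>> cursors = new HashMap<>();
        private int nextId;

        public String listUsers(String wildcard, Integer max) {
            String w = wildcard.toLowerCase(Locale.ROOT); // the search is not case-sensitive
            Deque<String> hits = new ArrayDeque<>();
            for (String u : users) {
                String name = u.toLowerCase(Locale.ROOT);
                boolean match = w.endsWith("*")
                        ? name.startsWith(w.substring(0, w.length() - 1))
                        : name.equals(w);
                if (match && (max == 0 || hits.size() < max)) hits.add(u); // 0 = no maximum
            }
            String cursor = "cursor-" + nextId++;
            cursors.put(cursor, hits);
            return cursor;
        }
        public boolean haveCurrent(String c) { return !cursors.get(c).isEmpty(); }
        public String getCurrentName(String c) { return cursors.get(c).peek(); }
        public void advance(String c) { cursors.get(c).poll(); }
        public void close(String c) { cursors.remove(c); }
    }

    private static final String[] ONE_STRING = {"java.lang.String"};

    /** Collects every name behind a listUsers cursor using only generic JMX calls. */
    static List<String> listUsers(MBeanServerConnection conn, ObjectName atn,
                                  String pattern, int max) throws Exception {
        String cursor = (String) conn.invoke(atn, "listUsers",
                new Object[] {pattern, max},
                new String[] {"java.lang.String", "java.lang.Integer"});
        Object[] args = {cursor};
        List<String> names = new ArrayList<>();
        boolean drained = false;
        try {
            while ((Boolean) conn.invoke(atn, "haveCurrent", args, ONE_STRING)) {
                names.add((String) conn.invoke(atn, "getCurrentName", args, ONE_STRING));
                conn.invoke(atn, "advance", args, ONE_STRING);
            }
            drained = true;
        } finally {
            // close is only needed when the list was not read to the end (for example
            // after an exception); it releases the resources held for the cursor.
            if (!drained) conn.invoke(atn, "close", args, ONE_STRING);
        }
        names.sort(String.CASE_INSENSITIVE_ORDER); // the provider does not sort results
        return names;
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName atn = new ObjectName("example:type=StubAuthenticator"); // constructed name
        server.registerMBean(new StubAuthenticator(), atn);
        System.out.println(listUsers(server, atn, "AL*", 0)); // prefix match, any case
        System.out.println(listUsers(server, atn, "bob", 0)); // exact match
    }
}
```

      Against a server, pass its MBeanServerConnection and the provider's ObjectName in place of the stub; the client method itself does not change.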

      removeGroup

      Removes a group. If the group contains members, the members are not removed.

         
      Operation Name: "removeGroup"
      Parameters: Object [] { groupName }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of an existing group.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      removeMemberFromGroup

      Removes a user or group (member) from a group. If the member is not in the group, this method does nothing.

         
      Operation Name: "removeMemberFromGroup"
      Parameters: Object [] { groupName, memberUserOrGroupName }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of an existing group from which this method removes a member.

      • memberUserOrGroupName is an object of type java.lang.String that specifies:

        - The name of the member, which must be an existing user or group.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      removeUser

      Removes a user.

         
      Operation Name: "removeUser"
      Parameters: Object [] { userName }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of an existing user.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      resetUserPassword

      Used by an administrator to change a user's password.

         
      Operation Name: "resetUserPassword"
      Parameters: Object [] { userName, newPassword }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of an existing user.

      • newPassword is an object of type java.lang.String that specifies:

        - The new password for the user. The Authentication provider determines the syntax requirements for passwords.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      setGroupDescription

      Sets the description for an existing group.

         
      Operation Name: "setGroupDescription"
      Parameters: Object [] { groupName, description }

      where:

      • groupName is an object of type java.lang.String that specifies:

        - The name of an existing group.

      • description is an object of type java.lang.String that specifies:

        - The description of the group.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      setUserDescription

      Sets the description for an existing user.

         
      Operation Name: "setUserDescription"
      Parameters: Object [] { userName, description }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name of an existing user.

      • description is an object of type java.lang.String that specifies:

        - The description of the user.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      userExists

      Indicates whether the specified user exists.

         
      Operation Name: "userExists"
      Parameters: Object [] { userName }

      where:

      • userName is an object of type java.lang.String that specifies:

        - The name that this method evaluates.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions
      • weblogic.management.utils.InvalidParameterException

      wls_getDisplayName

         
      Operation Name: "wls_getDisplayName"
      Parameters: null
      Signature: null
      Returns: String